Merge branch 'master' of ssh://bitbucket.org/yackob03/quay

endpoints/api.py

@@ -1161,12 +1161,13 @@ def get_repo(namespace, repository):
 
 
 @api.route('/repository/<path:repository>/build/', methods=['GET'])
-@api_login_required
 @parse_repository_name
 def get_repo_builds(namespace, repository):
-  permission = ModifyRepositoryPermission(namespace, repository)
+  permission = ReadRepositoryPermission(namespace, repository)
-  if permission.can():
+  is_public = model.repository_is_public(namespace, repository)
+  if permission.can() or is_public:
     def build_view(build_obj):
+      # TODO(jake): Filter these logs if the current user can only *read* the repo.
       if build_obj.status_url:
         # Delegate the status to the build node
         node_status = requests.get(build_obj.status_url).json()
@@ -1190,7 +1191,7 @@ def get_repo_builds(namespace, repository):
       'builds': [build_view(build) for build in builds]
     })
 
-  abort(403)  # Permissions denied
+  abort(403)  # Permission denied
 
 
 @api.route('/repository/<path:repository>/build/', methods=['POST'])

static/js/app.js

@@ -2514,7 +2514,7 @@ quayApp.run(['$location', '$rootScope', 'Restangular', 'UserService', 'PlanServi
     function($location, $rootScope, Restangular, UserService, PlanService, $http, $timeout) {
 
   // Handle session security.
-  Restangular.setDefaultRequestParams({'_csrf_token': window.__token || ''});
+  Restangular.setDefaultRequestParams(['post', 'put', 'remove', 'delete'], {'_csrf_token': window.__token || ''});
 
   // Handle session expiration.
   Restangular.setErrorInterceptor(function(response) {